Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, September 23, 2017

So, no vote-counting systems were breached; in
fact, most systems were merely scanned, not breached, and the
companies responsible for security of these systems asked DHS to keep
their clients in the dark. Have I correctly de-obfuscated their
statements?

U.S. Informs 21 States They Were Targeted By Attempted Russian Hacking

The Department of Homeland Security on Friday gave
election officials in nearly two dozen states additional information
on Russian targeting of their election systems last year, ending
months of uncertainty among administrators about which states were
targeted in a Kremlin-backed effort.

… DHS said it would leave it up to the states
to disclose to the public whether they were targets of the
Russian-backed campaign.

Officials previously have said no evidence of
manipulated tallies has been found.

… DHS
cited the privacy rights of entities that contacted the DHS for help
on cybersecurity-related issues for keeping state election officials
in the dark, most of which were private-sector vendors who
are contracted by state and local governments.

That left election officials in nearly a dozen
states unaware of whether their state systems were targeted until
Friday.

DHS officials agreed to make sure that the top state election officials
were notified about breaches in the future, according to
Stephen Reed, the director of communications at the National
Association of Secretaries of State.

… A DHS official said that most of the Russian
activity involved scanning voting systems for possible weaknesses.
In some cases, attempts to penetrate computer networks were
unsuccessful. DHS said a “small number” of computer networks
were successfully penetrated. None of the systems in question were
involved in vote tallying, the official said.

According to a
new report, an average of 1.385 million unique new phishing sites are
created every month, peaking at 2.3 million in May 2017. The
majority of these are online and active for an average of just 4 to 8
hours. This combination of volume and brevity makes it effectively
impossible to counter phishing -- especially targeted spear-phishing
and whaling -- with block lists. By the time the site is included on
a block list, the damage is done and the phishing site is no longer
used.

Webroot's
latest Quarterly Threat Trends (PDF)
report chronicles the increasing sophistication and danger in
targeted spear-phishing. According to the Verizon 2017 Data Breaches
Investigation Report (DBIR),
phishing was found in 90% of security breaches and incidents. And
according to the FBI, phishing scams have cost American businesses
almost $500 million per year over the last three years.

Walmart wants to walk into your home and put groceries in your refrigerator

On Friday, the retail giant announced a
partnership with August Home, a smart-lock startup, that would allow
a delivery person to enter customers' orders and put groceries away
in their refrigerators.

The test will take place in Silicon Valley with a
small number of August Home users who have opted into the service.

"Think about that — someone else does the
shopping for you AND puts it all away," Sloan Eddleston,
Walmart's vice president of e-commerce strategy and business
operations, wrote in a blog post
on Friday.

Eddleston laid out the step-by-step process of
"in-fridge delivery" in the post.

Perspective. If it is true that you should buy on
bad news, then bad news delivered by proven incompetent managers
should cause a deluge of buy orders.

Shares of credit reporting agency Equifax, the
victim of a “megabreach” earlier this month, rose more than 6% on
Friday, as Wells Fargo upgraded the stock to outperform.

Equifax ended the trading session on Friday at
$105.04 per share, up $6.79, or 6.9%. As of the close Friday, it was
still down more than 26% since the breach.

Wells Fargo said the severity of the hack, in
combination with many of the resulting public relations nightmares –
including an investigation into whether company executives engaged in
insider trading – have created
“an attractive entry point for this high-quality consumer credit
franchise.” Despite the current bout of negative
publicity, Wells Fargo believes Equifax’s core business will remain
intact.

(Related). $1.9 trillion in assets, revenue of
$22.0 billion, net income of $5.8 billion. The paper clip budget is
probably more than $100 million!

The Consumer Financial Protection Bureau could
have fined Wells Fargo in excess of $10 billion for its illegal sales
practices but instead settled for $100 million, according to the
agency’s internal documents released by congressional Republicans
this week.

The CFPB also had evidence that the bank’s sales
problems went back to at least 2006 — far earlier than the 2011 to
2016 timetable that Wells Fargo originally admitted to, the documents
show.

Perspective. When I say “High Speed” Internet
isn’t really High Speed, this is what I’m comparing it to.

Microsoft's subsea speed monster: A cable 16 million times faster than your
broadband

Microsoft, Facebook and Telefonica have hit a key
milestone in delivering their new trans-Atlantic subsea cable with a
data capacity of 160
terabits per second.

… Microsoft boasts
that its 160-terabit/s cable is 16 million times faster than your
home broadband and could stream 71 million HD videos simultaneously.
The cable contains eight pairs of fiber-optic threads wrapped in
copper.

… To get a sense of the language used on
Reddit, we parsed every comment since late 2007 and built the tool
above, which enables you to search for a word or phrase to see how
its popularity has changed over time. We’ve updated the tool to
include all comments through the end of July 2017.

Washington
Examiner: “The D.C. Court of Appeals ruled on Thursday
[September 21, 2017] that it is unconstitutional for law enforcement
to use certain technologies that allow the tracking of a suspect’s
cellular phone without a warrant. The ruling reversed a decision of
the Superior Court of the District of Columbia that allowed police to
use a particular tracking tool, the cell-site simulator, calling it a
violation of Fourth Amendment privacy protections as they relate to
policing tactics. Investigators have used cell-site simulators to
act as fake cell towers to connect to devices they are searching
instead of the device’s regular network.”

It might be useful to know how thinly the
algorithm slices the data. I’d wager that there were hundreds of
thousands (perhaps millions) of ad categories identified by analyzing
all the data available to Facebook.

Then
on Thursday, Mark Zuckerberg said he was handing over details of
more than 3,000 advertisements bought by groups with links to the
Kremlin, a move made possible by the advertising algorithms that have
made Mr Zuckerberg a multi-billionaire.

Gross misconduct, you might say – but of course
you can’t sack the algorithm. And besides, it was only doing what
it was told.

“The algorithms are working exactly as they were
designed to work,” says Siva Vaidhyanathan, professor of media
studies at the University of Virginia.

No, its success lies in the little people. The
florist who wants to spend a few pounds targeting local teens when
the school prom is coming up, or a plumber who has just moved to a
new area and needs to drum up work.

Facebook’s wild profits - $3.9bn (£2.9bn)
between April and June this year - are due to that automated process.
It finds out what users
like, it finds advertisers that want to hit those interests, and it
marries the two and takes the money. No humans necessary.

… That system will be slightly less human-free
in future. In his nine-minute address, a visibly uncomfortable Mark
Zuckerberg said his company would be bringing on human beings to help
prevent political abuses. The day before, its chief operating
officer said more humans would help solve the anti-Semitism issue as
well.

“But Facebook
can’t hire enough people to sell ads to other people at that
scale,” Prof Vaidhyanathan argues.

(Related). One verb is as good as another to an
algorithm. Apparently, nothing triggers alarms.

Instagram
used a user’s image which included the text “I will rape you
before I kill you, you filthy whore!” to advertise its service on
Facebook, the latest example of social media algorithms boosting
offensive content.

Guardian reporter Olivia Solon recently discovered
that Instagram, which is owned by Facebook,
made an advertisement out of a photo she had posted of a violent
threat she received in an email, which said “Olivia, you fucking
bitch!!!!!!!” and “I Will Rape You”.

Instagram selected the screenshot, which she
posted nearly a year ago, to advertise the photo-sharing platform to
Solon’s sister this week, with the message, “See Olivia Solon’s
photo and posts from friends on Instagram”.

Change is hard. People (and companies) resist
change way beyond all logic. They prefer to keep doing the same
thing, even if the science proves them wrong.

The vulnerability of governments and businesses to
cyberattacks was exposed again Wednesday when a top U.S. financial
regulator said hackers had breached its electronic database of
market-moving corporate announcements, and may have profited from the
information they stole.

The hack of an aspect of the U.S. Securities and
Exchange Commission’s Edgar filing system occurred last year, the
regulator said in a statement.
While the SEC has been aware
of the breach since 2016, it wasn’t until last month
that the agency concluded that the cybercriminals involved may have
used their bounty to make illicit trades. The regulator disclosed
the intrusion for the first time Wednesday.

… The SEC didn’t say which companies may
have been impacted by the 2016 intrusion. Chris Carofine, a
spokesman for Clayton, declined to comment when asked what type of
information was improperly accessed.

It keeps getting more complicated for Equifax.

The credit agency's Twitter account tweeted links
on Wednesday to a fake site pretending to be
Equifax, further bungling
the company's response to a massive
hack that affected 143 million customers.

Equifax, like many companies, handles customer
service and complaints through its Twitter account. But in tweets
replying to people asking for help and more information, it
occasionally directed them to "securityequifax2017.com."

The domain, designed to look like a phishing site,
was set up to criticize how the company handled the situation.

The
official account tweeted links to the same site multiple times
since September 9, two days after the breach was first announced.
The links have been deleted, but screenshots
show it was not a one-time flub.

It's easy to mistake the fake site for the real
one: equifaxsecurity2017.com. The company created it earlier this
month to share information on the major data breach.

Security experts criticized Equifax's decision to
use this domain and website because it looks a lot like a scam site.
Soon after it launched, some browsers flagged
it as a phishing site. Experts warned hackers could
create similar websites and trick people into giving up personal
information.
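As an added example (not code from the article, Equifax, or any of the experts quoted): a check a social-media or support team could run on every outbound link before it is posted, flagging names that are a token reordering, a typo, or an other-TLD variant of the official breach-response domain. The allow-list and the brand vocabulary used to split domain labels are assumptions; the two domain names are the ones quoted above.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list: the breach-response domain named in the article plus the
# corporate domain. Anything not on this list is evaluated against the first entry.
KNOWN_GOOD = ("equifaxsecurity2017.com", "equifax.com")
OFFICIAL_DOMAIN = KNOWN_GOOD[0]
# Assumed brand vocabulary used to split a domain label into recognisable words.
BRAND_TOKENS = ("equifax", "security")


def hostname(url: str) -> str:
    """Return a normalised hostname from a full URL or a bare domain."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def split_label(label: str, vocab=BRAND_TOKENS) -> list:
    """Greedily split a label into vocabulary words and digit runs.
    Unrecognised characters are kept as their own token, so a stray
    hyphen or extra letter still breaks the match."""
    tokens, leftover, i = [], "", 0
    while i < len(label):
        digits = re.match(r"\d+", label[i:])
        word = next((w for w in vocab if label.startswith(w, i)), None)
        piece = digits.group() if digits else word
        if piece is None:
            leftover += label[i]
            i += 1
            continue
        if leftover:
            tokens.append(leftover)
            leftover = ""
        tokens.append(piece)
        i += len(piece)
    if leftover:
        tokens.append(leftover)
    return tokens


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, official: str = OFFICIAL_DOMAIN) -> str:
    """Classify a link as official, a lookalike of the official domain, or unrelated."""
    host = hostname(url)
    if any(host == good or host.endswith("." + good) for good in KNOWN_GOOD):
        return "official"
    label, _, tld = host.rpartition(".")
    off_label, _, off_tld = official.rpartition(".")
    if label == off_label and tld != off_tld:
        return "lookalike:other-tld"
    # Same words in a different order: securityequifax2017 vs equifaxsecurity2017.
    if sorted(split_label(label)) == sorted(split_label(off_label)):
        return "lookalike:token-reorder"
    if levenshtein(label, off_label) <= 2:
        return "lookalike:typo"
    if any(t in label for t in BRAND_TOKENS):
        return "suspicious:brand-term"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample of links a support account might be about to post.
    for link in ("https://www.equifaxsecurity2017.com/",
                 "https://securityequifax2017.com/",
                 "equifaxsecurity2017.net",
                 "https://equifaxsecurity2O17.com/",
                 "https://example.org/help"):
        print(f"{link:45} {classify(link)}")
```

Anything other than "official" should block the post until a human compares the link with the allow-list.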

… While
initially shouting out loud that the compromise was addressed before
any harm was done to users, Avast on Wednesday confirmed
that this was in fact a highly targeted attack and that a secondary
payload was executed on some of the impacted systems.

Analysis of the logs found on the C&C server revealed that 20 machines in a
total of 8 organizations received the second-stage payload. However,
the logs only covered just over three days, and the actual number of
machines that received the payload could be in the hundreds, Avast says.

The security
firm wouldn’t reveal the names of targeted organizations, but says
that these were “select large technology and telecommunication
companies in Japan, Taiwan, UK, Germany and the US.” This clearly
means that most of the CCleaner users weren’t of interest to the
attackers.

Fortune
– “A federal judge this week delivered a key victory for
customers who claim the digital scrapbook company Shutterfly
violated their privacy by collecting scans of their faces without
permission. In a 19-page opinion,
U.S. District Judge Joan Gottschall rejected Shutterfly’s argument
that an Illinois state law, which restricts how companies can use
biometric data, should not apply.”

Apparently Joe Cadillic and I aren’t the only
ones who thought that a Ravens promo raised a lot of warning flags,
although our concern wasn’t as regulatory as much as
privacy-oriented. Joe sent along this update:

Jeff Barker reports:

Massachusetts biotech firm still intends
to give away DNA test kits to fans at a Ravens game this season,
according to the team, but the promotion first must undergo scrutiny
from a federal agency and the state.

The “DNA Day”
event, scheduled for last Sunday’s Ravens-Cleveland
Browns game at M&T Bank Stadium, was postponed after the
federal Centers for Medicare & Medicaid Services raised questions
with the state about approvals, state and federal officials said.

Fans attending the game were to receive test kits
and, if they chose to participate, swab the inside of their cheek,
drop the sample into a bin at the stadium and register with the
company online to receive a free analysis.

Another example of, “Gee, maybe that algorithm
isn’t perfect?” No doubt the FBI will be asking for a list of
Amazon’s customers who purchased the suggested items...

Amazon said on Wednesday that it was reviewing its
website after a British television report said the online retail
giant’s algorithms were automatically suggesting bomb-making
ingredients that were “Frequently bought together.”

The news is particularly timely in Britain, where
the authorities are investigating a terrorist attack last week on
London’s Underground subway system. The attack involved
a crude explosive in a bucket inside a plastic bag, and detonated
on a train during the morning rush.

The news report is the latest example of a
technology company drawing criticism for an apparently faulty
algorithm. Google
and Facebook have come under fire for allowing advertisers to
direct ads to users who searched for, or expressed interest in,
racist sentiments and hate speech. Growing awareness of these
automated systems has been accompanied by calls for tech firms to
take more responsibility for the contents on their sites.

Kade N. Olsen and Craig A. Newman report on a
court opinion in the D-Link case – a case that addresses some of
the issues also raised in LabMD vs. FTC:

Yesterday,
a District Court in Northern California weighed in on the U.S.
Federal Trade Commission’s (FTC) authority to protect consumers
from “unfair” and “deceptive” data security practices. The
decision,
which granted in part and denied in part the defendant’s motion to
dismiss, is a mixed bag for the Commission.

As
we previewed earlier this year, the FTC filed suit against D-Link
Systems, Inc. (“D-Link”), a company that manufactures and sells
home networking devices. According
to the FTC, D-Link failed to protect its products from “widely
known risks of unauthorized access” by not providing “easily
preventable” measures against “‘hard-coded’ user credentials
and other backdoors,” not maintaining the confidentiality of the
private key D-Link used with consumers to validate software updates,
and not deploying “free
software, available since at least 2008, to secure users’ mobile
app login credentials.” These practices, the FTC
maintained, were both (1) “deceptive” and (2) “unfair” under
Section 5 of the FTC Act, 15 U.S.C. § 45.

Read more on Patterson Belknap Data
Security Law Blog. Here’s the part that may give LabMD a smile
or a “That’s what we think, too” nod:

But,
the court ultimately found “merit” in D-Link’s argument that
the FTC had failed to plead sufficiently that consumers had been
injured. As followers of our LabMD
coverage will recall, Section 5(n) of the FTC Act provides that
the Commission cannot declare an act “unfair” unless, inter
alia, that act “causes or is likely to cause substantial
injury to consumers.”

The
district court explained that the FTC did “not allege any actual
consumer injury in the form of a monetary loss or an actual incident
where sensitive data was accessed or exposed.” It was not enough,
Judge Donato held, that the FTC claimed that D-Link “put consumers
at ‘risk.’” Without “concrete facts” of a “single
incident where a consumer’s financial, medical or sensitive data
has been accessed, exposed or misused in any way,” the unfairness
claim depended on “wholly conclusory allegations” of “potential
injury.”

… There may be blood
in the water in Silicon Valley, but it isn’t coming from
Amazon. The company’s stock is up roughly 30% this year,
unperturbed by tepid financial results and the angry tweets of US
president Donald Trump. Its business practices remain unfettered by
federal regulators and seem unlikely to be criticized at the local
and state level so long as HQ2 is on the auction block.

… As for the American public, why would they
turn against Amazon? By one estimate, 85 million people, or roughly
two-thirds
of US households, are subscribers to Prime, Amazon’s $99-a-year
membership program. They rely on it for everything from toilet paper
to blenders to bluetooth speakers, spending an annual average of
$1,300. Bezos wants Prime to be such a good deal “you’d be
irresponsible not to be a member.” Put another way, that you’d
be irresponsible not to like Amazon.

Perspective. Does the need to access technology
now override security concerns?

Saudi Arabia will lift a ban on internet phone
calls, a government spokesman said, part of efforts to attract more
business to the country.

All online voice and video call services such as
Microsoft’s Skype and Facebook’s WhatsApp that satisfy regulatory
requirements will become accessible at midnight (2100 GMT), Adel Abu
Hameed, spokesman for the telecoms regulator CITC said on Twitter on
Wednesday.

The policy reversal represents part of the Saudi
government’s broad reforms to diversify the economy partly in
response to low oil prices, which have hit the country’s finances.

Perspective. Think about this one. Your camera
‘knows’ when you are taking a picture of a cake or a bird.
Perhaps it will rat you out to Mom & Dad when you start Sexting?

Take a video of a birthday cake’s candles
sparkling in an Instagram story, then tap the sticker button. Near
the top of the list you’ll see a slice of birthday cake.

It’s a little thing. This simple trick is not
breathtaking nor magical. But it
is the beginning of something transformative. Smartphones
already changed how most people take pictures. The latest Silicon
Valley quest is to reimagine what a camera is, applying the
recent progress in artificial intelligence to allow your phone to
read the physical world as easily as Google read the web.

… The AI Camera team is responsible for giving
the cameras inside these apps an understanding of what you’re
pointing them at. In the near future, your camera will understand
its location, recognize the people in the frame, and be able to
seamlessly augment the reality you see.

“You
can be a victim of identity theft even if you never use a computer.
Malicious people may be able to obtain personal information (such as
credit card numbers, phone numbers, account numbers, and addresses)
by stealing your wallet, overhearing a phone conversation, rummaging
through your trash (a practice known as dumpster diving), or picking
up a receipt at a restaurant that has your account number on it. If
a thief has enough information, he or she may be able to impersonate
you to purchase items, open new accounts, or apply for loans. The
Internet has made it easier for thieves to obtain personal and
financial data. Most companies and other institutions store
information about their clients in databases; if a thief can access
that database, he or she can obtain information about many people at
once rather than focus on one person at a time. The Internet has
also made it easier for thieves to sell or trade the information,
making it more difficult for law enforcement to identify and
apprehend the criminals…”

Margaret
M. Wood, legal reference librarian in the Law Library.
“Two years ago, in honor of Constitution Day—celebrated annually
on September 17—I wrote a post
about the publication “Constitution of the United States: Analysis
and Interpretation,” also referred to as the “Constitution
Annotated.” Along with the U.S.
Code, it is one of my favorite work resources. Unfortunately, it
is a behemoth of a work—it takes two hands to hold the volume,
which weighs a good 10 pounds. Fortunately, the text is also
available online through Congress.gov
and through the U.S.
Government Publishing Office, whose digital system includes both
the most recent edition (2016)
as well as historic editions back to 1992.
But given my penchant
for bringing work topics into social situations, even the
online version is not very practical. I cannot, very easily,
fire up the computer during a conversation at a dinner or cocktail
party. However, fortunately for me, there
is an app
for the “Constitution Annotated.” It debuted
in 2013, when Congress.gov was still in beta,
and has since been updated…”

[From the App description:

This app:

- Delivers the full
text of “Constitution of the United States of America: Analysis and
Interpretation”
- Contains a clause-by-clause discussion of
the entire Constitution
- Discusses all Supreme Court cases and
selected historical documents relevant to interpreting the
Constitution
- Lists all federal, state, and local laws struck
down by the Supreme Court, and all cases where the Court overturned
its prior precedent
- Contains a table of contents, table of
cases, and an index]

And days after a report found more jihadist
propaganda is viewed online in the UK than any other country in
Europe.

… The so-called Islamic State generated 27,000
extremist postings on platforms like Twitter in a five-month period
between January and May this year.

The links ranged from bomb-making instructions to
calls to commit atrocities with cars and knives, with
the majority of shares taking place in the first two hours. [So
even a two hour window will miss ‘the majority’ of shares? Bob]

Twitter said it had removed 299,649 accounts in
the first half of this year for the “promotion of terrorism”, a
20 percent decline from the previous six months, although
it gave no reason for the drop. Three-quarters of those accounts
were suspended before posting their first tweet.

(Related). A drop in the bucket or a way to
identify potential solutions?

A District of Columbia court has
dismissed
two lawsuits over the Office of Personnel Management (OPM) data
breach disclosed in 2015.

The American Federation of Government
Employees, the largest federal workers union, filed
the class action lawsuit against the OPM in June 2015, alleging that
the breaches stemmed from gross negligence on the part of federal
officials.

The lawsuit was one of two consolidated
complaints related to the OPM breach that the U.S. District Court for
D.C. dismissed on Tuesday, ruling
that both sets of plaintiffs lacked the standing to bring their
cases.

Okay, since these lawsuits weren’t under the
same laws we generally see in consumer lawsuits over breaches, we’ll
have to dig into this one a bit more to see why the court did not
find that the plaintiffs had standing. In the meantime, I’ll keep
an eye out to see if any law firms provide an analysis of the opinion
on their sites that I can link to here.

Keep in mind that I consider the OPM breach one of
the worst breaches ever because of the amount of personal and
sensitive information involved. If these plaintiffs have trouble
demonstrating why they have standing, well… maybe it’s time to
revisit what it should take to demonstrate standing when your
background checks, biometric data, and other personal and sensitive
information wind up in the hands of unknown threat actors due to an
entity’s failure to adequately safeguard your information.

A technical glitch caused Amazon.com Inc to email
some of its customers erroneously that they had received a gift, the
company said on Tuesday.

The email displayed an image of a crawling infant
and told shoppers they had received a present from their baby
registry. A number of recipients, however, reported on social media
that they were not expecting a child.

“Amazon just informed me that someone has
purchased a gift from my baby registry. My baby is 21, and hopes
it’s a keg,” Washington Post reporter Karen Tumulty said on
Twitter.

I bet they would! Big money, but is it enough to
get the attention of other Boards of Directors?

… While the 118-year-old credit-reporting firm
has been hit with more than 100 consumer lawsuits over its massive
security breach, legal experts say there’s room for a deal because
neither side has a slam-dunk case.

A global settlement of about $200 million is
plausible, said Nathan Taylor, a cybersecurity lawyer with Morrison
Foerster LLP in Washington. That’s a projection based on the
$115 million Anthem
Inc. agreed to pay in June -- setting a U.S. record -- to resolve
claims that it didn’t protect a smaller number of people from a
2015 criminal hack that stole similarly sensitive information, Taylor
said.

With lawyers collecting as much as a third of any
payout, the company may end up spending an average of less than $1
per person for credit monitoring and out-of-pocket expenses for 143
million Equifax consumers whose data was compromised.

That’s a good deal for the embattled credit
reporting company as its
exposure theoretically could amount to $143 billion under
a federal law that carries damages of as much as $1,000 per
violation, plus punitive damages.

(Related). Look before you leap. Caveat
emptor. There’s a
sucker born every minute.

… Where once teenagers or early 20-somethings
may have wandered into their local supermarket and applied for their
first job, now
a substantial share of employers are using online personality
assessments to gauge the skill and character of potential
dishwashers, burger-flippers and other entry-level jobs.

That’s putting young job seekers at a
disadvantage, according to a report
released Wednesday by JobsFirstNYC, a New York City-based
nonprofit that advocates for out-of-school and out-of-work young
adults. The report is based on an experiment, which asked 18 to
22-year-olds to submit applications to 42 major employers in the New
York City area in 2012 and 2014.

The authors found that tests were so extensive —
in some cases 200 questions — that they
discouraged young people from applying or made it difficult for them
to complete the applications, a problem that was
particularly acute for low-income young people who may not have
regular access to the internet. Young adults may struggle more than
older applicants to answer some of the questions because their brain
and personality development isn’t complete, they added.

Tuesday, September 19, 2017

You may have never heard of Flathead Valley in
Montana. I’ll admit that I had never heard of it until tonight
when I received a tip to go look at a post on their sheriff’s
Facebook page. And that’s when I learned that Flathead County
schools had not only been
hacked and threatened if they didn’t pay the hackers, but parents
had received messages threatening to kill their children.
The threats were taken seriously enough that 30
schools were closed for days while the county and federal law
enforcement investigated the threats.

We are now in the realm of TheDarkOverlord v2.0,
it seems.

For those who, like this blogger, have followed
the criminal activities of TheDarkOverlord, reading a report of them
thoroughly hacking an entity and then writing a lengthy demand letter
threatening to expose confidential files or personal information –
well, that’s nothing new. But contacting parents of school
children and threatening their children’s physical safety?

It is TheDarkOverlord on steroids, at the very
least. But is it a real threat?

TheDarkOverlord are masters at doing their
research, and were aiming to create significant terror in their
targets. I think it’s pretty clear that they accomplished that –
at least in the short-term. But is this approach likely to result in
more payments from victims, or has TheDarkOverlord misunderstood the
psychology of its intended victims? There is certainly no indication
that Flathead Valley will be paying them any money.

What the people of Flathead County may not know,
but what law enforcement should certainly know, is that this is not
the first time TheDarkOverlord has threatened physical violence
against a victim. DataBreaches.net is not reproducing an earlier
threat missive, but it, too, was designed to terrorize its target by
threatening physical violence against the victim’s family. And the
Flathead case is not the first case where TheDarkOverlord has
contacted its victims by phone or SMS to threaten them or deliver
obscenity-laden messages.

And maybe that’s the first thing law enforcement
could have done to reassure the community: to recognize from the
style and writing that this was/is the work of TheDarkOverlord and
they’ve threatened physical violence before but never followed up
on it – at least, not to date.

Of course, if TheDarkOverlord is really outside of
the U.S., as the sheriff apparently told the community, then actual
physical violence seems less likely. But should the county be
telling the public that TheDarkOverlord is outside of the U.S.? It’s
a reasonable hypothesis, but do they actually have any hard proof of
that? If they don’t have actual proof, wouldn’t it be more
honest to say, “We believe that they’re outside of the U.S.”
than to assert that they are?

… In the meantime, the Flathead Beacon
has done a truly admirable job of reporting on the situation as it
has evolved, and you can get caught up on the details by reading
their reports (in reverse chronological order, below:)

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed

Equifax
Inc. learned about a major breach of its computer systems in
March -- almost five months before the date it has publicly
disclosed, according to three people familiar with the situation.

In a statement, the company said the March breach
was not related to the
hack that exposed the personal and financial data on 143 million
U.S. consumers, but one of the people said the
breaches involve the same intruders.

… Equifax hired the security firm Mandiant on
both occasions and may have believed it had the initial breach under
control, only to have to bring the investigators back when it
detected suspicious activity again on July 29, two of the people
said.

… The revelation of a March breach will
complicate the company’s efforts to explain a series of unusual
stock sales by Equifax executives. If it’s shown that those
executives did so with the knowledge that either or both breaches
could damage the company, they could be vulnerable to charges of
insider trading. The U.S. Justice Department has opened a criminal
investigation into the stock sales, according to people familiar with
the probe.

Equifax has said the executives had no knowledge
that an intrusion had occurred when the transactions were made.

… There’s no evidence that the publicly
disclosed chronology is inaccurate, but it leaves out a set of key
events that began earlier this spring, the people familiar with the
probe said.

In early March, they said, Equifax began notifying
a small number of outsiders and banking customers that it had
suffered a breach and was bringing in a security firm to help
investigate. The company’s outside counsel, Atlanta-based law firm
King & Spalding, first engaged Mandiant at about that time.
[Hired not by Equifax, but
by their lawyers. Bob] While it’s not clear how long
the Mandiant and Equifax security teams conducted that probe, one
person said there are indications it began to wrap up in May.
Equifax has yet to disclose
that March breach to the public.

One possible explanation, according to several
veteran security experts consulted by Bloomberg, is that the
investigation didn’t uncover evidence that data was accessed. Most
data breach disclosure laws kick in only once there’s evidence that
sensitive personal identifying information like social security
numbers and birth dates have been taken. The Equifax spokesperson
said the company complied fully with all consumer notification
requirements related to the March incident.

Apparently, a large percentage of people prefer
conspiracy over truth.

Facebook’s fact-checking efforts are on the
rocks. Five months after the social-media giant debuted a
third-party tool to stop the spread of dubious news stories on its
platform, some of its fact-checker partners have
begun expressing frustration that the company won’t share data
on whether or not the program has been effective.

In the absence of that official data, a study
by Yale researchers made waves last week by suggesting that flagging
a post as “disputed” makes readers just a slim 3.7 percent less
likely to believe its claim. Among
Trump supporters and young people, the fact-checking program
seems to backfire entirely: Those respondents
were more likely to believe flagged posts than unflagged ones.

… Facebook users who cluster around
conspiracy-related content tend to interact only with material that
affirms their preexisting worldview, but in the rare cases when they
do come into contact with dissenting information that attempts to
debunk conspiracy theories—in the form of public posts by
science-related pages—the conspiracy theorists become more, rather
than less, likely to interact with conspiracy-related content in the
future. In fact, conspiracy theorists who never interact with
dissenting viewpoints are almost twice as likely as those who do to
eventually drift away from conspiracy-themed content.

In other words, attempting to correct wrongheaded
beliefs on Facebook appears to accomplish the precise opposite.

… The user will need to first apply their
location, though, so Google knows which library to search. The
results, as shown in the tweeted image above, list the library under
a ‘Borrow ebook’ section which itself appears to be found under
the ‘Get Book’ tab. You’ll need to search the book’s title
to see this, at which point there’s only a bit of scrolling and a
tap to get to the item.

If you do tap the link to borrow the ebook, you’ll
be taken to a page where you can then sign in with your library
credentials. From there you can proceed as usual, reading a sample
or outright borrowing the book if you already know you want it. The
feature is rolling out now and can be found on mobile and desktop (at
the bottom of the right-hand panel in the latter case).

Users of Avast-owned security application CCleaner
for Windows have been advised to update their software immediately,
after researchers discovered criminal hackers had installed a
backdoor in the tool. The tainted application allows for download of
further malware, be it ransomware or keyloggers, with fears millions
are affected. According to Avast's own figures, 2.27 million ran the
affected software, though the company said users should not panic.

… The malware would send encrypted information
about the infected computer - the name of the computer, installed
software and running processes - back to the hackers' server. The
hackers also used what's known as a domain generation algorithm
(DGA); whenever the crooks' server went down, the DGA could create
new domains to receive and send stolen data. Use of DGAs shows some
sophistication on the part of the attackers.
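The DGA point above, as an added defender-side example that is not from the article or from Avast: because the malware can move to freshly generated domains, blocking any one hostname lags behind it, so this Python sketch instead reads resolver logs for two host-level signals, a burst of NXDOMAIN answers (a rotating DGA queries names nobody has registered yet) and random-looking second-level labels. The log lines and domain names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS resolver log (not from the article): one query per
# line as "<client> <queried name> <response code>". The 16-character labels
# queried by 10.0.0.9 are made-up stand-ins for algorithmically generated names.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 k3x9qvt2m7zp4wbd.com NXDOMAIN
10.0.0.9 h8dn2rq5zt0ycx7g.com NXDOMAIN
10.0.0.9 p6wm3jfq9zkt1rbn.com NXDOMAIN
10.0.0.9 v2xq8ntd5ygk0wp7.com NXDOMAIN
10.0.0.9 z4cw7kqm1bxt9drn.com NOERROR
10.0.0.7 cdn.example.net NOERROR
10.0.0.7 longbutlegitimate.example.org NOERROR
"""

def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking labels score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level_label(qname: str) -> str:
    """'cdn.example.net' -> 'example'; the label a DGA typically generates."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_algorithmic(label: str, min_len: int = 12,
                      min_entropy: float = 3.0) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels read as machine-made."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio < 0.25

def analyze(log_text: str, threshold: int = 3) -> dict:
    """Flag clients with many NXDOMAIN answers (a DGA walks through names that
    are not registered yet) or many DGA-like query names."""
    nxdomain, dga_like = Counter(), defaultdict(set)
    for line in filter(None, log_text.splitlines()):
        client, qname, rcode = line.split()
        if rcode == "NXDOMAIN":
            nxdomain[client] += 1
        if looks_algorithmic(second_level_label(qname)):
            dga_like[client].add(qname)
    suspects = {}
    for client in set(nxdomain) | set(dga_like):
        if nxdomain[client] >= threshold or len(dga_like[client]) >= threshold:
            suspects[client] = {"nxdomain": nxdomain[client],
                                "dga_like": sorted(dga_like[client])}
    return suspects
```

Calling `analyze(SAMPLE_DNS_LOG)` flags only 10.0.0.9; the thresholds are starting points to tune against a site's own baseline, since CDNs and cloud hostnames can also be long and vowel-poor.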

Social media app Snapchat has blocked access to Al
Jazeera articles and videos on the platform in Saudi Arabia,
following a request from Saudi authorities.

Snapchat said it blocked access to AJ’s Discover
Publisher Channel at the request of authorities because it allegedly
violated Saudi laws.

Al Jazeera, a Qatari-backed broadcaster, was one
of the points of contention in the ongoing dispute between Qatar on
one side and Saudi Arabia, Bahrain, Egypt and the UAE on the other.
All cut ties with Qatar for allegedly supporting terrorism. Doha
denies the accusation.

The complete shutdown of Al Jazeera was included
in the list of 13 conditions which Saudi Arabia gave to Qatar in
return for the removal of sanctions.

… Mr. Tuan’s arrest came just weeks after
Facebook offered a
major olive branch to Vietnam’s government. Facebook’s head
of global policy management, Monika Bickert, met with a top
Vietnamese official in April and pledged to remove information from
the social network that violated
the country’s laws.

While Facebook said its policies in Vietnam have
not changed, and it has a consistent process for governments to
report illegal content, the Vietnamese government was specific. The
social network, they have said, had agreed to help create a new
communications channel with the government to prioritize Hanoi’s
requests and remove what the regime considered inaccurate
posts about senior leaders.

Populous, developing countries like Vietnam are
where the company is looking to add its next billion customers —
and to bolster its ad business. Facebook’s promise to Vietnam
helped the social media giant placate a government that had called on
local companies not
to advertise on foreign sites like Facebook, and it remains a
major marketing channel for businesses there.

The diplomatic
game that unfolded in Vietnam has become increasingly common for
Facebook. The internet is
Balkanizing, and the world’s largest tech companies have
had to dispatch envoys to, in effect, contain the damage such
divisions pose to their ambitions.

… As nations try to grab back power online, a
clash is brewing between governments and companies. Some of the
biggest companies in the world — Google, Apple, Facebook, Amazon
and Alibaba among them — are finding they need to play by an
entirely new set of rules on the once-anarchic internet.

And it’s not just one new set of rules.
According to a review by The New York Times, more than 50 countries
have passed laws over the last five years to gain greater control
over how their people use the web.

At least they don’t have to record their choices
in cursive. Perhaps we will soon need a new acronym: TO;CG (too old,
call grandpa)?

Both sides in
Australia’s referendum on same-sex marriage wonder if millennials,
more accustomed to texting and social media, actually know how to
send a letter.

The future of democracy faces an unexpected
challenge from within.

Can young voters learn to use a mailbox?

The outcome of a national mail-in vote in
Australia this fall on sanctioning same-sex marriage may teeter on
the answer. “I don’t really know what the go is with post boxes,
stamps, that kind of thing,” says 23-year-old Anna Dennis. Ms.
Dennis, a sociology student at the elite Australian National
University, says the last time she had to mail a parcel “I took my
dad to help.”

… Tiernan Brady was recruited to run the
Equality Campaign after heading Ireland’s same-sex marriage
referendum in 2015. He says he starts campaign events by asking,
“How many people have posted a letter in the past year?”

Typically, “only a handful of hands go up,”
Mr. Brady says.

“Australians don’t do postal votes,” he
says. “The last one was in 1917, so we can safely say no one alive
remembers it.”

Like elsewhere, instant-message apps and email
have taken their toll. Mail volume has plummeted, according to
Australia Post, the national mail service: Australians sent a billion
fewer letters last year than a decade ago. Business and government
mail account for 95% of all letters.

Postal service appears to have joined the list of
habits abandoned by millennials, including paying by check and
answering the doorbell, a device that a majority in a recent Twitter
poll agreed was “scary weird.”

… Sending a letter is like recalling the times
table from grade-school arithmetic, says Yan Zhuang, a 21-year-old
politics major at the University of Melbourne. “You sort of
remember,” she says, “but not really.”

Australia Post says it doesn’t know how many
young people send mail. A 2015 study for the Royal Mail in the U.K.
found a third of them believe “writing letters is a thing of the
past.” Half said they wrote friends on social media every day;
most said they mailed about one letter a year.

Just out of curiosity, I’d like to see the cost
projections they based this advertising scheme on.

Verizon said it sent notices of disconnection to
the affected customers this month and those customers will have until
October 17th to find new mobile service. Verizon says that’s
plenty of time for people to find new networks as the customers
generate more in roaming charges than they generate income for
Verizon.

“These customers live outside of areas
where Verizon operates our own network. Many of the affected
consumer lines use a substantial amount of data while roaming on
other providers’ networks and the roaming costs generated by these
lines exceed what these consumers pay us each month.”

The interesting part of this story is that
Verizon’s letter to customers doesn’t provide any way for them to
stick with Verizon by reducing their data use. The letter simply
states the October 17 cut-off period. One affected customer
contacted Ars Technica and said her family only used 50GB across 4
lines, which is well below the 22GB cut-off.

Verizon maintains that these customers are getting
the boot because of their roaming charges, but also fails to mention
that it advertised its own unlimited plans directly to these rural
customers in order to entice them to get plans. Now that the cost
has become more than Verizon can bear, they’re giving those
customers the boot.

Via LLRX
– The
Fight to Bring Legal Research to the Front – Law librarian and
professor Brandon Adler identifies core issues to support educating
third year law students in a wide range of reliable free and low cost
legal resources. Many law librarians acknowledge that there is a
lack of awareness and use of alternative legal resources, with the
law student community as well across a large swath of attorneys in
firms both large and small.

Via LLRX – AI
And The Rule Of Law – Our exposure to and reliance upon an
increasingly ubiquitous range of technology is intertwined with
issues related to intellectual property law. With smartphone cameras
used to capture and share what their respective creators otherwise
claim as intellectual property, to the devices, services and
applications that comprise the Internet of Things (IoT), Ken
Grady raises significant and as yet unresolved concerns
about how the rule of law will be applied in response to the use, and
misuse, of AI and digital personal assistants.

Why do lies work? Why is it hard to change the first
thing you learn? The importance of a reliable first source?

News
release: “It’s no
use simply telling people they have their facts wrong. To
be more effective at correcting misinformation in news accounts and
intentionally misleading “fake news,” you
need to provide a detailed counter-message with new
information – and get your audience to help develop a new
narrative. Those are some takeaways from an extensive
new meta-analysis [fee req’d] of laboratory debunking studies
published in the journal Psychological Science. The analysis, the
first conducted with this collection of debunking data, finds that a
detailed counter-message is better at persuading people to change
their minds than merely labeling misinformation as wrong. But even
after a detailed debunking, misinformation still can be hard to
eliminate, the study finds. “The effect of misinformation is very
strong,” said co-author Dolores Albarracín, professor of
psychology at the University of Illinois at Urbana-Champaign. “When
you present it, people buy it. But we also asked whether we are able
to correct for misinformation. Generally, some degree of correction
is possible but it’s very difficult to completely correct…”

“Debunking: A Meta-Analysis of the Psychological
Efficacy of Messages Countering Misinformation” was conducted by
researchers at the Social
Action Lab at the University of Illinois at Urbana-Champaign and
at the Annenberg
Public Policy Center of the University of Pennsylvania. The
teams sought “to understand the factors underlying effective
messages to counter attitudes and beliefs based on misinformation.”
To do that, they examined 20 experiments in eight research reports
involving 6,878 participants and 52 independent samples. The
analyzed studies, published from 1994 to 2015, focused on false
social and political news accounts, including misinformation in
reports of robberies; investigations of a warehouse fire and traffic
accident; the supposed existence of “death panels” in the 2010
Affordable Care Act; positions of political candidates on Medicaid;
and a report on whether a candidate had received donations from a
convicted felon. The researchers coded and analyzed the results of
the experiments across the different studies and measured the effect
of presenting misinformation, the effect of debunking, and the
persistence of misinformation.”

Software
startup Slack Technologies Inc said it raised $250 million from
SoftBank Group Corp (9984.T)
and other investors in its latest funding round, boosting the
company’s valuation to $5.1 billion.

… Slack’s sizeable funding round reflects
the trend of a growing number of $100 million-plus checks pouring
into technology startups. In the second quarter this year, there
were 34 venture capital deals of $100 million or more, nearly triple
the 12 such transactions in the first quarter, according to data firm
PitchBook Inc.

Thorstein Veblen was a cranky economist of
Norwegian descent who coined the phrase “conspicuous consumption”
and theorized that certain products could defy the economic laws of
gravity by stoking more
demand with superhigh prices.

His 1899 book, “Theory of the Leisure Class,”
made him famous in his time and more than a century later his ideas
are embodied in products like Hermès handbags, Bugatti cars and
Patek Philippe watches.

The Open Library
is a part of the Internet Archive.
The Open Library is a
collection of more than one million free ebook titles. The
collection is cataloged by a community of volunteer online
librarians. The ebooks in the Open Library can be read online,
downloaded to your computer, read on Kindle and other ereader
devices, and embedded into other sites. Some of the ebooks, like
Treasure Island, can also be listened to through the Open Library.

Much like Google Books, the Open Library can be a
great place to find free copies of classic literature that you want
to use in your classroom. The Open Library could also be a good
place for students to find books that they want to read on their own.
The audio option, while very electronic sounding, could be helpful
if you cannot locate any other audio copies of the book you desire.

About Me

I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.